New Intelligent Threat Detection and Prevention Controls Built Natively into Box
Box, Inc. (NYSE: BOX) has announced Box Shield, a set of new content security controls and intelligent threat detection capabilities that enables enterprises to power secure collaboration and workflows around their most valuable content in the cloud. Built natively into Box, Box Shield helps prevent accidental data leakage, detects potential access misuse, and proactively identifies relevant threats.
“The pace of business today demands that every enterprise move its content to the cloud to power collaboration and drive business processes both inside and outside the organization. Box Shield is a huge advancement that will make it easier than ever to secure valuable content and prevent data leaks without slowing down the business or making it hard for people to get their work done,” said Jeetu Patel, Chief Product Officer at Box. “With Box Shield, enterprises will receive intelligent alerts and unlock insights into their content security with new capabilities built natively in Box, enabling them to deploy simple, effective controls and act on potential issues in minutes.”
“Today’s competitive environment demands greater alignment between security and the business. Enterprises need an integrated approach to security that is woven into the fabric of their business processes,” said Lakshmi Hanspal, Global Chief Information Security Officer at Box. “Box Shield brings adaptive security controls and threat detection directly to workflows in Box with easy-to-use, built-in controls that help reduce risk and empower the business to work more collaboratively all over the world.”
Preventing Accidental Data Leaks
Box Shield helps enterprises prevent accidental data leaks through a system of manual or automated security classifications for files and folders, and classification-based access policies. Account admins can define custom classification labels and policies per label that combine multiple security controls, such as:
- Shared link restriction: Specify who can access shared links. For example, when a file is labeled [Internal], sharing can be restricted to the company and specified collaborators only.
- External collaborator restriction: Limit external collaboration to approved lists of domains or completely block it based on the sensitivity of the content. For example, when a file is labeled as [Restricted PII], external collaboration could only be allowed with business partners that are approved data processors.
- Download restriction: Restrict file or folder downloads across specific applications. For example, specify that downloads be restricted when users are using the Box web app, mobile, or Box Drive.
- Application restriction: Specify which third-party applications and custom apps can download sensitive content from Box.
- FTP restriction: Restrict FTP transfers and uploads of files and folders.
“At IU, sensitive information changes hands thousands of times each day on our campuses with over 100,000 users and thousands of collaborators around the world,” says Bob Flynn, Manager, Cloud Technology Support at Indiana University. “With the introduction of Box Shield, we can apply native data classifications and design policies aligned to our own business and compliance rules. By protecting content with precision, we can help IU reduce risk without compromising speed and collaboration.”
Detecting Threats with Machine Learning-Powered Alerts
In addition to preventing accidental data leakage via classification-based security policies, Box Shield empowers customers to detect abnormal and potentially malicious behavior from internal and external threats. Powered by machine learning, Box Shield identifies and alerts admins of potential threats such as:
- Anomalous downloads: Receive real-time, contextual alerts when unusual user behavior is detected that indicates attempted data theft, such as notable changes to download behavior.
- Suspicious sessions: Detect a potentially compromised account based on a rapid change in an employee’s location, as well as additional context about the browsers, devices, and Box applications that they typically use. For example, if someone is downloading a file in London and then sharing a different file from Singapore five minutes later, it’s possible their account is compromised.
- Access from suspicious locations: Detect access or downloads happening in untrusted locations or high-risk countries that are defined by a security team’s policy-defined whitelists or blacklists of locations and IP ranges.
Deep Integrations with Enterprise Security Leaders
Box Shield complements and integrates with a wide range of existing best-of-breed security investments. Contextual alerts from Box Shield, containing more actionable insights than ever before, can be integrated with SIEM solutions from partners such as Sumo Logic, AT&T Cybersecurity, and IBM, as well as CASB solutions from Symantec, McAfee, Palo Alto Networks, and Netskope.
“Organizations of all sizes are increasingly aware of the need to secure critical information and protect against threats without compromising user experience,” said Garrett Bekker, Principal Analyst for Information Security at 451 Research. “Investments in native security controls by cloud platform vendors can provide useful and timely insights and serve as a valuable complement to an organization’s overall security portfolio.”
Box Shield is in private beta and will become generally available in the fall of 2019.